On Fri, May 20, 2005 at 10:54:17AM +0100, Richard Kettlewell wrote:
> Something that nobody's yet mentioned (I think) that seems worth pointing out is that even with a passphrase-protected private key, an attacker who can run as your UID[1] can arrange to capture the passphrase next time you use it anyway.
> That doesn't make passphrases useless; for instance, they still defend against an attacker who can read your files but not run code under your UID.
> [1] i.e. they don't even necessarily have to take control of the entire machine
Which again points down the line that says it's the physical machine security that really matters.